Zurück   Trojaner-Board > Malware entfernen > Plagegeister aller Art und deren Bekämpfung

Plagegeister aller Art und deren Bekämpfung: GVU Trojaner (Paysafe)

Windows 7 Wenn Du nicht sicher bist, ob Du dir Malware oder Trojaner eingefangen hast, erstelle hier ein Thema. Ein Experte wird sich mit weiteren Anweisungen melden und Dir helfen die Malware zu entfernen oder Unerwünschte Software zu deinstallieren bzw. zu löschen. Bitte schildere dein Problem so genau wie möglich. Sollte es ein Trojaner oder Viren Problem sein wird ein Experte Dir bei der Beseitigug der Infektion helfen.

 
Alt 10.01.2013, 19:12   #1
centurio_bla
 
GVU Trojaner (Paysafe) - Standard

GVU Trojaner (Paysafe)



Hallo zusammen,

mein Sohn hat ebenfalls einen GVU Trojaner eingefangen.
Bin als Laie leider hilflos.

Ich führe vorsorglich einen OTL Scan durch, das sollte Euch hoffentlich helfen.

Log Files folgen.

Besten Dank!

Extras.txt (Bemerkung: Computername wurde durch "***" ersetzt)

Code:
ATTFilter
OTL Extras logfile created on: 10.01.2013 18:52:30 - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\mhvn\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,86 Gb Total Physical Memory | 3,34 Gb Available Physical Memory | 86,51% Memory free
7,71 Gb Paging File | 7,22 Gb Available in Paging File | 93,57% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 455,14 Gb Total Space | 368,03 Gb Free Space | 80,86% Space Free | Partition Type: NTFS
Drive F: | 25,28 Mb Total Space | 0,00 Mb Free Space | 0,00% Space Free | Partition Type: UDF
 
Computer Name: *** | User Name: mhvn | Logged in as Administrator.
Boot Mode: SafeMode | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html[@ = ChromeHTML] -- Reg Error: Key error. File not found
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
.html [@ = ChromeHTML] -- Reg Error: Key error. File not found
 
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
========== Shell Spawning ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
http [open] -- Reg Error: Key error.
https [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [Browse with &IrfanView] -- "C:\Program Files (x86)\IrfanView\i_view32.exe" "%1 /thumbs" (Irfan Skiljan)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
http [open] -- Reg Error: Key error.
https [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [Browse with &IrfanView] -- "C:\Program Files (x86)\IrfanView\i_view32.exe" "%1 /thumbs" (Irfan Skiljan)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 0
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01  [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
========== Authorized Applications List ==========
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{09004233-493A-4391-97B7-A5BFFF6E5283}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | 
"{0DC75824-3410-422E-A760-803797C33EA8}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{0E7F8796-4E6B-4E37-BCE0-5A28E72E8054}" = rport=139 | protocol=6 | dir=out | app=system | 
"{1642CD04-4273-4E91-AFE5-BF7B9C6D8EC2}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{1D5B1A97-7D34-498F-A303-39926F9EC566}" = lport=2869 | protocol=6 | dir=in | app=system | 
"{34163EB3-6137-4E95-BA14-1D664F1A516E}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{395236C8-4694-4F19-A494-8F54DF075B6D}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{44828939-5D1A-445B-A5C6-C0AEFC8EF663}" = lport=2869 | protocol=6 | dir=in | app=system | 
"{4ECC9ED0-3CCA-44D6-B087-458774D6EF55}" = rport=137 | protocol=17 | dir=out | app=system | 
"{65439844-A82D-42B6-B71D-1D01728A5B13}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{68EDBEC1-3871-4D9B-8BD4-BE7CF521B746}" = rport=445 | protocol=6 | dir=out | app=system | 
"{6C74A607-2B2C-4F0A-B469-D1384BFFCD92}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{7B0F2EC1-F06E-4A0B-BFA0-B0C4D013E02C}" = rport=427 | protocol=17 | dir=in | svc=hpslpsvc | app=c:\windows\system32\svchost.exe | 
"{7F62626A-CED3-4E33-BDC8-1EF401F9C0C9}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) | 
"{9178E245-2DFC-4EE4-8700-F26BEE7947AA}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) | 
"{96CC450D-375F-4FCB-860D-6635C8BC1FE7}" = lport=139 | protocol=6 | dir=in | app=system | 
"{AC173001-99E7-4C08-8B1A-E9440D7A7F3C}" = lport=138 | protocol=17 | dir=in | app=system | 
"{C0493D8A-1EFD-49DF-9278-BA96E0BE5CCA}" = lport=10243 | protocol=6 | dir=in | app=system | 
"{C430DA4C-0FEE-4E8E-94DF-E3AE2994BFB2}" = lport=445 | protocol=6 | dir=in | app=system | 
"{D0A2711B-CCE2-4AF6-A92B-CC33B2845B60}" = lport=137 | protocol=17 | dir=in | app=system | 
"{D1611589-C7DF-4A6F-A86A-1952F2FC944F}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{D8883483-3B1F-494D-98B7-CD6B3BBFA3EF}" = rport=10243 | protocol=6 | dir=out | app=system | 
"{DD9CD87C-D453-491B-A5A8-6F3D9750F85E}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | 
"{EBF0C405-2D63-4D48-AC29-625DDDD13BBF}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{EFD93783-ED33-4C97-8124-151C739135EA}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{F0FC202A-E0D6-4403-BABE-57F4F51DE8F6}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{FB7D33D2-09E5-4E13-9691-25BCE252121C}" = rport=138 | protocol=17 | dir=out | app=system | 
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{01C8542B-4323-4D1E-9358-C86E18D21AAB}" = dir=in | app=c:\program files (x86)\hp\hp software update\hpwucli.exe | 
"{05012BC2-6B21-477C-BB81-94A8978B43D2}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | 
"{0ADD05D5-7067-47FB-98EE-79326791CDD8}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqusgh.exe | 
"{0C09BE28-5523-4FDC-9843-A346C37E3252}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{19EBD1A5-AC35-4069-9DC7-9535F5275540}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | 
"{1CB9AEAA-770D-4B42-A54B-C55F34AB7258}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpiscnapp.exe | 
"{227ABC54-C6A9-4E03-A49E-641BE61E926D}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | 
"{2A8B0230-9393-4C16-9727-07C8AD9C4C70}" = dir=in | app=c:\program files (x86)\common files\apple\apple application support\webkit2webprocess.exe | 
"{2FA0060E-AB71-43E3-BA0E-2889EC7F4C38}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{3577882B-4B8E-4DFE-9346-E91C6873C5B2}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqste08.exe | 
"{37012B81-9826-424B-8AC1-3D91FD3CA795}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqgpc01.exe | 
"{385DACF6-3D18-4F69-B680-67DAC6E038BE}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqkygrp.exe | 
"{3F0B848C-48E7-4B9C-BD20-73F909071B3B}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqgplgtupl.exe | 
"{43C7D522-225B-414B-96F0-CB8FBC6E079F}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{509517E3-7CA8-43E4-9E4E-D0F092490525}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
"{5B75F2BB-75E3-4EE0-A7B4-55C91634E6EB}" = protocol=6 | dir=out | app=system | 
"{66BE2433-71E1-45AE-B51D-B11F34AAC8C7}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hposid01.exe | 
"{729487D3-B8A0-4752-8F0F-A0E47FF2F4B3}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | 
"{74B25970-CFF8-4137-89E9-AB88E19AD83B}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{77A5272B-EC41-4635-A6A6-5C449F7ECA49}" = dir=in | app=c:\program files (x86)\hp\digital imaging\smart web printing\smartwebprintexe.exe | 
"{8939FBEC-160B-4971-ACFF-D12B33560586}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpoews01.exe | 
"{92BCB5C6-9C23-4419-AC44-E2CBDED930D3}" = dir=in | app=c:\program files (x86)\windows live\contacts\wlcomm.exe | 
"{96972D2D-1870-4C9B-9C86-AE5E719539F8}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{9C1C9756-4F85-4587-A15B-ED2633EFE4F5}" = protocol=6 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe | 
"{A0027494-7D23-4921-91AF-D51F17DD26CD}" = dir=in | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe | 
"{A68ACA36-F44F-48F0-B341-0C912ECA7C35}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqusgm.exe | 
"{AB2BEA9C-FC80-4CC5-8EF7-C11A927BB842}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{AD1CA643-6A0B-4004-A04B-324F6AF68678}" = protocol=17 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe | 
"{AE2A8701-8B4B-4402-8EB8-BF0DE93A6D13}" = dir=in | app=c:\program files (x86)\common files\hp\digital imaging\bin\hpqphotocrm.exe | 
"{B3B6E64C-B368-43E2-B8EA-F476FD34D2A1}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpfccopy.exe | 
"{BD6C0C4E-6E86-41E3-BCC9-439E0B9C53EF}" = dir=in | app=c:\program files (x86)\windows live\sync\windowslivesync.exe | 
"{BEC02E12-C58E-449E-A916-4036EDB0DD9D}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | 
"{C33FC803-55D1-4278-AC22-3E0DAD72877E}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{C5CC4D10-3A3D-43DA-A308-7E77B86F9866}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{C94C6DA0-9682-480E-A644-923CB13F8C64}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqtra08.exe | 
"{C9AE18F7-162C-486C-BA75-79E96EACF17A}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | 
"{CC0012AF-DC92-44C6-99D3-FAF7D36F8C3A}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | 
"{CE002317-34BA-4B60-8E53-213DDA15EBDB}" = dir=in | app=c:\program files (x86)\itunes\itunes.exe | 
"{DF50FF3A-ADA7-47B3-B082-77C63E8504C9}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | 
"{F121F9B0-06B6-40E4-89F2-4A6056118189}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{F2E17232-A9F5-4012-A2A4-82CFC0ACF335}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
"{F97C6696-32F1-4F7E-BA73-2EAFEC9B34CF}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{FE716FA7-B9CB-4E78-B3BD-13ECEE32E2DD}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"TCP Query User{59FBCB12-6B52-4DD7-98FB-587AF58C04B1}C:\program files (x86)\ws_ftp\ws_ftp95.exe" = protocol=6 | dir=in | app=c:\program files (x86)\ws_ftp\ws_ftp95.exe | 
"TCP Query User{89D0F67C-B787-4389-B9BB-20AB9D299665}C:\windows\syswow64\ipcamera.exe" = protocol=6 | dir=in | app=c:\windows\syswow64\ipcamera.exe | 
"TCP Query User{E9F1491B-9359-461B-9138-B0685CF21657}C:\program files (x86)\google\google earth\plugin\geplugin.exe" = protocol=6 | dir=in | app=c:\program files (x86)\google\google earth\plugin\geplugin.exe | 
"TCP Query User{F14F44AF-5FF4-4818-A1B8-8844D549D086}C:\windows\syswow64\ipcamera.exe" = protocol=6 | dir=in | app=c:\windows\syswow64\ipcamera.exe | 
"TCP Query User{F57D67BC-C65E-452B-BA85-A71F333A691E}C:\program files (x86)\internet explorer\iexplore.exe" = protocol=6 | dir=in | app=c:\program files (x86)\internet explorer\iexplore.exe | 
"TCP Query User{FD75E862-D9C0-44A5-86D5-D57E3690B701}C:\program files (x86)\ws_ftp\ws_ftp95.exe" = protocol=6 | dir=in | app=c:\program files (x86)\ws_ftp\ws_ftp95.exe | 
"UDP Query User{07FD7CBE-3ADE-4BD6-9A3C-0F06582E2CEE}C:\program files (x86)\google\google earth\plugin\geplugin.exe" = protocol=17 | dir=in | app=c:\program files (x86)\google\google earth\plugin\geplugin.exe | 
"UDP Query User{14D70BCC-7145-4D52-A91D-E529E37D8AF7}C:\program files (x86)\ws_ftp\ws_ftp95.exe" = protocol=17 | dir=in | app=c:\program files (x86)\ws_ftp\ws_ftp95.exe | 
"UDP Query User{387A098E-29AF-4CE6-90F3-0CC7B874DFB9}C:\windows\syswow64\ipcamera.exe" = protocol=17 | dir=in | app=c:\windows\syswow64\ipcamera.exe | 
"UDP Query User{4F3B04A0-788D-46E7-9A8E-1C8C42ADFBEF}C:\program files (x86)\internet explorer\iexplore.exe" = protocol=17 | dir=in | app=c:\program files (x86)\internet explorer\iexplore.exe | 
"UDP Query User{5485F2AC-A3BC-41EF-A253-3E95E54248FA}C:\program files (x86)\ws_ftp\ws_ftp95.exe" = protocol=17 | dir=in | app=c:\program files (x86)\ws_ftp\ws_ftp95.exe | 
"UDP Query User{EE490587-4831-4CF2-8FCB-E347B95DF82F}C:\windows\syswow64\ipcamera.exe" = protocol=17 | dir=in | app=c:\windows\syswow64\ipcamera.exe | 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{017739C5-708B-4F4F-BAD3-FA2FF5431E15}" = VAIO Content Metadata Manager Settings
"{027E5FAB-1476-4C59-AAB4-32EF28520399}" = Windows Live Language Selector
"{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{0D87AE67-14EB-4C10-88A5-DA6C3181EB18}" = Windows Live Family Safety
"{0E3DAF3D-FF69-345A-A99E-1FED304CA083}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{11D25EF7-85FC-4B58-8278-485939C8637F}" = VAIO Update Merge Module x64
"{1ACC8FFB-9D84-4C05-A4DE-D28A9BC91698}" = Windows Live ID Sign-in Assistant
"{1E1746EF-F5BF-4677-8F30-04FE399130DA}" = HP Photosmart C4600 All-In-One Driver Software 14.0 Rel. 5
"{2128559D-BBCD-4744-87F0-7C0CD5CFB464}" = Windows Live Family Safety
"{259FD439-13B0-0136-D0A0-FA89BB05831D}" = ccc-utility64
"{26A24AE4-039D-4CA4-87B4-2F86416016FF}" = Java(TM) 6 Update 16 (64-bit)
"{46261E1C-5E0D-484E-8CCC-7F770375FBA2}" = VU5x64
"{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
"{4D668D4F-FAA2-4726-834C-31F4614F312E}" = MSVC80_x64_v2
"{5BC83141-83DD-07BE-C940-04B385540F04}" = ATI Catalyst Install Manager
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{6A76BEAF-6D1F-4273-A79B-DA8410A2E56B}" = Apple Mobile Device Support
"{6BFAB6C1-6D46-46DB-A538-A269907C9F2F}" = Network64
"{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}" = Bonjour
"{7C3AC18F-F19B-4082-8D13-7D603848E06C}" = VAIO Update Merge Module x64
"{8338783A-0968-3B85-AFC7-BAAE0A63DC50}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x64 9.0.30729.5570
"{840A3BAA-4C68-4581-9C7A-6F8D6CF531B9}" = iTunes
"{8CBBBC4D-B0B6-49DB-A421-98C65080D8EE}" = Eraser 6.0.7.1893
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9E9D49A4-1DF4-4138-B7DB-5D87A893088E}" = WIDCOMM Bluetooth Software
"{A4DDB2AB-ECCD-4C3A-8633-77D5A1A0E542}" = Network64
"{A77A198F-B60B-481C-A645-64EE80849A12}" = VAIO Content Metadata Intelligent Network Service Manager
"{aac9fcc4-dd9e-4add-901c-b5496a07ab2e}" = Microsoft Visual C++ 2005 Redistributable (x64) - KB2467175
"{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{B2DAB009-8236-48A0-AD7F-E940F5AB1578}" = HP Photosmart Plus B209a-m All-in-One Driver Software 14.0 Rel. 6
"{B6E3757B-5E77-3915-866A-CCFC4B8D194C}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053
"{D506EFC9-08DF-47E4-A7BF-98305BE25250}" = VAIO Content Metadata XML Interface Library
"{DA54F80E-261C-41A2-A855-549A144F2F59}" = Windows Live MIME IFilter
"{E743BA71-5955-420B-AA52-67508054AD66}" = VAIO Update Merge Module x64
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"{F83779DF-E1F5-43A2-A7BE-732F856FADB7}" = Microsoft SQL Server Compact 3.5 SP1 x64 English
"{FF21C3E6-97FD-474F-9518-8DCBE94C2854}" = 64 Bit HP CIO Components Installer
"34EA302E7F4CBD17A19E33BBCB72363234956D7E" = Windows-Treiberpaket - Nokia Modem  (06/09/2010 4.5)
"3BA80AB4C7E9F8497C115C844953A3D4BEB84D21" = Windows Driver Package - Broadcom HIDClass  (07/28/2009 6.2.0.9800)
"930E4792BDAEAFB62A9514EE7578775658A5D07C" = Windows Driver Package - Broadcom Bluetooth  (09/09/2009 6.2.0.9405)
"CCleaner" = CCleaner
"CutePDF Writer Installation" = CutePDF Writer 2.8
"EEEE705096F837B7907659F100C9FE6DA001970F" = Windows-Treiberpaket - Nokia Modem  (06/09/2010 7.01.0.7)
"HitmanPro37" = HitmanPro 3.7
"HP Imaging Device Functions" = HP Imaging Device Functions 14.0
"HP Print Projects" = HP Print Projects 1.0
"HP Smart Web Printing" = HP Smart Web Printing 4.60
"HP Solution Center & Imaging Support Tools" = HP Solution Center 14.0
"HPExtendedCapabilities" = HP Customer Participation Program 14.0
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"Redirection Port Monitor" = RedMon - Redirection Port Monitor
"Shop for HP Supplies" = Shop for HP Supplies
"SynTPDeinstKey" = Synaptics Pointing Device Driver
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{0046FA01-C5B9-4985-BACB-398DC480FC05}" = Adobe Photoshop CS3
"{00B03993-F5A1-47B1-9C54-EC8FBDDDE17E}" = VAIO Care
"{010237D8-8494-4E56-90CE-3194D3F521E6}" = VAIO Content Metadata Intelligent Network Service Manager
"{0481A2EA-DA1D-4D10-A7C3-F8237948F6B5}" = Messenger Companion
"{04AF207D-9A77-465A-8B76-991F6AB66245}" = Adobe Help Viewer CS3
"{06A1D88C-E102-4527-AF70-29FFD7AF215A}" = Scan
"{07B7598E-1FB8-1A95-7A30-F534A55726B4}" = CCC Help Czech
"{07FB17D8-7DB6-4F06-80C4-8BE1719CB6A1}" = hpWLPGInstaller
"{0899D75A-C2FC-42EA-A702-5B9A5F24EAD5}" = VAIO Smart Network
"{08B32819-6EEF-4057-AEDA-5AB681A36A23}" = Adobe Bridge Start Meeting
"{08E81ABD-79F7-49C2-881F-FD6CB0975693}" = Roxio Central Data
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{122ADF8C-DDA1-480C-9936-C88F2825B265}" = Apple Application Support
"{1458BB78-1DC5-4BC0-B9A3-2B644F5A8105}" = DeviceDiscovery
"{14DC0059-00F1-4F62-BD1A-AB23CD51A95E}" = Adobe AIR
"{150B6201-E9E6-4DFB-960E-CCBD53FBDDED}" = HPProductAssistant
"{159E5135-4BEA-52B7-8CDC-823F1ED6D8A5}" = CCC Help Spanish
"{184CE391-7E0E-4C63-9935-D7A10EDFD3C6}" = Adobe WinSoft Linguistics Plugin
"{1873FFC1-FDCB-47E1-B7C7-F418211E3530}" = PMB VAIO Edition plug-in (VAIO Image Optimizer)
"{1BA1DBDC-5431-46FD-A66F-A17EB1C439EE}" = Windows Live Messenger
"{1CA3A991-B03D-4C92-9922-315E5434E87B}" = PS_AIO_05_C4600_Software_Min
"{1DDB95A4-FD7B-4517-B3F1-2BCAA96879E6}" = Windows Live Writer Resources
"{1F54DAFA-9261-4A62-B59D-6C9F26B48FE4}" = Roxio Central Tools
"{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update
"{1FD416D0-CC16-41D1-A25C-C9986CD8BBAB}" = VAIO Content Metadata Intelligent Analyzing Manager
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{208345BE-27BB-4367-B245-A5B6E764FDD0}" = VAIO Content Metadata Intelligent Analyzing Manager
"{2110ECBD-BF15-4673-8852-8C68DDEB26AC}" = Media Gallery
"{21E548DE-0C2B-4843-8A7B-E69B4CF8BA33}" = VAIO Content Metadata Manager Settings
"{225DB4AA-3CFF-47E8-B3C8-6DAD713E986E}" = Nokia PC Suite
"{23825B69-36DF-4DAD-9CFD-118D11D80F16}" = Einstellungen für VAIO-Inhaltsüberwachung
"{265F0D95-A883-7162-0458-B78085B6B693}" = Catalyst Control Center Graphics Light
"{26A24AE4-039D-4CA4-87B4-2F83216032FF}" = Java(TM) 6 Update 32
"{26A24AE4-039D-4CA4-87B4-2F83217009FF}" = Java 7 Update 9
"{27F9068F-27D3-42FF-BE10-94CC94F46F33}" = VAIO Content Metadata Manager Settings
"{292F0F52-B62D-4E71-921B-89A682402201}" = Toolbox
"{29E5EA97-5F74-4A57-B8B2-D4F169117183}" = Adobe Stock Photos CS3
"{2EFA4E4C-7B5F-48F7-A1C0-1AA882B7A9C3}" = HP Update
"{2F66901C-D9F2-4C83-9808-2DA0166265B6}" = VAIO Content Metadata Intelligent Network Service Manager
"{2FB9EA69-51D4-4913-9AD5-762C034DE811}" = Status
"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
"{34DC654E-6E43-4BFA-9E00-6C16CFA7B9F0}" = VAIO Data Restore Tool
"{35111E7A-03B9-25EC-F434-A1CD976907FC}" = CCC Help Chinese Traditional
"{36C5BBF0-E5BF-4DE1-B684-7E90B0C93FB5}" = VAIO Care
"{37B33B16-2535-49E7-8990-32668708A0A3}" = Windows Live UX Platform Language Pack
"{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}" = Intel(R) Rapid Storage Technology
"{427E8AD0-A4B1-D225-836E-CCB6068B490A}" = CCC Help French
"{44D25B45-5C0E-2187-6739-E2FA0E8AFE1D}" = CCC Help Portuguese
"{4882EBF5-CA37-4EF4-BCB8-9B0E78B907D0}" = VAIO Content Metadata Intelligent Analyzing Manager
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4AA5B8A5-BEEF-4AD8-B11D-4443A042EA4F}" = Adobe Dreamweaver CS3
"{4E6DF745-C99E-909F-BCF0-B7C24A51E56E}" = CCC Help Japanese
"{51846830-E7B2-4218-8968-B77F0FF475B8}" = Adobe Color EU Extra Settings
"{537BF16E-7412-448C-95D8-846E85A1D817}" = Roxio Easy Media Creator 10 LJ
"{5449FB4F-1802-4D5B-A6D8-087DB1142147}" = Realtek HDMI Audio Driver for ATI
"{54793AA1-5001-42F4-ABB6-C364617C6078}" = Adobe Linguistics CS3
"{5736590B-36C7-4881-5EBE-F9B390F00774}" = Catalyst Control Center Core Implementation
"{57752979-A1C9-4C02-856B-FBB27AC4E02C}" = QuickTime
"{57B955CE-B5D3-495D-AF1B-FAEE0540BFEF}" = VAIO Data Restore Tool
"{586509F0-350D-48B5-B763-9CC2F8D96C4C}" = Windows Live Sync
"{596BED91-A1D8-4DF1-8CD1-1C777F7588AC}" = VAIO DVD Menu Data
"{5A3C1721-F8ED-11E0-8AFB-B8AC6F97B88E}" = Google Earth
"{5A92468F-3ED8-4F96-A9E1-4F176C80EC29}" = VAIO Quick Web Access
"{5BEE8F1F-BD32-4553-8107-500439E43BD7}" = VAIO Update
"{5D062554-2823-4205-ABBC-390AE5B72C45}" = VAIO Content Metadata Manager Settings
"{5DCF0E4B-F8EA-4229-A0BD-5CA6D4AFB749}" = SolutionCenter
"{5DDAFB4B-C52E-468A-9E23-3B0CEEB671BF}" = VAIO-Support für Übertragungen
"{61F569A3-1647-B6F4-08C8-40A011831827}" = CCC Help English
"{62F7DA7E-CCCB-439C-A760-00C3926E761F}" = Microsoft Works
"{65153EA5-8B6E-43B6-857B-C6E4FC25798A}" = Intel(R) Management Engine Components
"{656FDFA4-C7C6-40D9-99F7-F6F331412AEF}" = WarrantyExtension
"{68249B7B-B714-11D7-88E8-0050DA21757E}" = Java 2 Runtime Environment Standard Edition 1.3.1_20
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{6A3F204B-323C-7E32-F890-A7308768728D}" = CCC Help Russian
"{6ABE0BEE-D572-4FE8-B434-9E72A289431B}" = Adobe Fonts All
"{6AFCA4E1-9B78-3640-8F72-A7BF33448200}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
"{6B1F20F2-6321-4669-A58C-33DF8E7517FF}" = VAIO Entertainment Platform
"{6D3245B1-8DB8-4A23-9CD2-2C90F40ABAF6}" = MSVC80_x86_v2
"{6D8ED20E-E792-4DAC-BB66-009836CBD80B}" = VAIO Content Monitoring Settings
"{6F340107-F9AA-47C6-B54C-C3A19F11553F}" = Hewlett-Packard ACLM.NET v1.1.0.0
"{6FA8BA2C-052B-4072-B8E2-2302C268BE9E}" = VAIO Movie Story Template Data
"{6FF5DD7A-FE28-4439-B8CF-1E9AF4EA0A61}" = Adobe Asset Services CS3
"{7002773F-2A53-E9F2-E161-DB3DDA0F05BE}" = CCC Help Hungarian
"{70991E0A-1108-437E-BA7D-085702C670C0}" = 
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{72042FA6-5609-489F-A8EA-3C2DD650F667}" = VAIO Control Center
"{73A4F29F-31AC-4EBD-AA1B-0CC5F18C8F83}" = Roxio Central Audio
"{76DECE17-BCF5-9640-2854-3CA049834A40}" = CCC Help Chinese Standard
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{77077FFF-8831-470F-9627-E86F06A50CCD}" = Avery Wizard 3.1
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{78A96B4C-A643-4D0F-98C2-A8E16A6669F9}" = Windows Live Messenger Companion Core
"{79C3D1B6-32CB-43DF-BA80-CE48E7A2D6C7}" = VAIO Content Metadata Intelligent Network Service Manager
"{7A63F0C4-6B2B-694C-ED72-D0670612BC29}" = CCC Help Swedish
"{7BB90344-0647-468E-925A-7F69F7983421}" = ArcSoft Magic-i Visual Effects 2
"{7D1DDBF1-2948-4603-B06A-0E36487CC857}" = VAIO Content Metadata XML Interface Library
"{7D386596-0E80-4808-8AAE-C1DDA8212F7F}" = Adobe Setup
"{802771A9-A856-4A41-ACF7-1450E523C923}" = Adobe XMP Panels CS3
"{803E4FA5-A940-4420-B89D-A8BC2E160247}" = VAIO Energie Verwaltung
"{81A6F461-0DBA-4F12-B56F-0E977EC10576}_is1" = PDF24 Creator 4.9.0
"{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform
"{846B5DED-DC8C-4E1A-B5B4-9F5B39A0CACE}" = HPDiagnosticAlert
"{859D4022-B76D-40DE-96EF-C90CDA263F44}" = Windows Live Writer
"{86D4B82A-ABED-442A-BE86-96357B70F4FE}" = Ask Toolbar
"{88001121-87E2-2104-F9F5-ECC15DFCA1E0}" = Catalyst Control Center Graphics Full Existing
"{88C252C8-A7EE-4B60-BF74-8E5919A8048F}" = PMB VAIO Edition Guide
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8D2BA474-F406-4710-9AE4-D4F22D21F0DD}" = Adobe Device Central CS3
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{8DE50158-80AA-4FF2-9E9F-0A7C46F71FCD}" = VAIO Media plus
"{8E6808E2-613D-4FCD-81A2-6C8FA8E03312}" = Adobe Type Support
"{8EB34C0B-AF54-F265-844C-3E6FA9AE2FCD}" = CCC Help German
"{8EE94FD8-5F52-4463-A340-185D16328158}" = WebReg
"{8FF6F5CA-4E30-4E3B-B951-204CAAA2716A}" = SmartWebPrinting
"{90120000-0020-0407-0000-0000000FF1CE}" = Compatibility Pack für 2007 Office System
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{90176341-0A8B-4CCC-A78D-F862228A6B95}" = Adobe Anchor Service CS3
"{91CA0407-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Small Business Edition 2003
"{9238E8A4-BEBA-43A3-B926-769BDBF194C5}" = VAIO Media plus Opening Movie
"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
"{935B5086-C002-0FBC-0723-5741D2478EE7}" = Catalyst Control Center InstallProxy
"{95120000-00AF-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (German)
"{95655ED4-7CA5-46DF-907F-7144877A32E5}" = Adobe Color NA Recommended Settings
"{96D0B6C6-5A72-4B47-8583-A87E55F5FE81}" = 
"{96D8E26D-70CB-44DE-AE50-43095A39E5B2}" = VAIO Entertainment Platform
"{9B163B82-3B46-4CE5-BF01-A53E550A8E58}" = Sony Home Network Library
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9C73041C-AB71-995D-EEC7-B4E940F93F36}" = CCC Help Finnish
"{9C9824D9-9000-4373-A6A5-D0E5D4831394}" = Adobe Bridge CS3
"{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail
"{9DA53D22-D922-494C-B1D7-51CD9BCB9E4A}" = VAIO Hardware Diagnostics
"{9E0E1E3B-229C-4CF9-8A39-4455477327E4}" = C4600
"{A158A7A4-495E-225F-E6A2-C8EC20B65DB7}" = svBuilder
"{A2B242BD-FF8D-4840-9DAA-9170EABEC59C}" = Adobe CMaps
"{A2D81E70-2A98-4A08-A628-94388B063C5E}" = Adobe Color - Photoshop Specific
"{A436F67F-687E-4736-BD2B-537121A804CF}" = HP Product Detection
"{A63E7492-A0BC-4BB9-89A7-352965222380}" = VAIO Original Funktion Einstellungen
"{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer
"{A7C30414-2382-4086-B0D6-01A88ABA21C3}" = VAIO Gate
"{A7DA438C-2E43-4C20-BFDA-C1F4A6208558}" = Setting Utility Series
"{A8D53A4E-77A1-E23E-A396-6D9C86A2F273}" = Catalyst Control Center Graphics Full New
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A95187EF-BCF4-4468-B501-C0BAB976ADD1}" = VAIO Personalization Manager
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer
"{AB259D46-F851-41B0-9AFA-AED8998AD68A}" = MusicStation
"{AC35A885-0F8F-4857-B7DA-6E8DFB43E6B3}" = HPSSupply
"{AC5B0C19-D851-42F4-BDA0-410ECF7F70A5}" = PDF Settings
"{AC76BA86-7AD7-1031-7B44-A95000000001}" = Adobe Reader 9.5.2 - Deutsch
"{AC76BA86-7AD7-5760-0000-900000000003}" = Japanese Fonts Support For Adobe Reader 9
"{B113D18C-67B0-4FB7-B329-E89B66194AE6}" = Windows Live Fotogalerie
"{B1239994-A850-44E2-BED8-E70A21124E16}" = Windows Live Mail
"{B1DADBEB-7F82-4B29-84D6-5F14A020F0A0}" = VAIO Content Metadata Intelligent Analyzing Manager
"{B25563A0-41F4-4A81-A6C1-6DBC0911B1F3}" = PMB VAIO Edition plug-in (VAIO Movie Story)
"{B3BF6689-A81D-40D8-9A86-4AC4ACD9FC1C}" = Adobe Camera Raw 4.0
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{B6A26DE5-F2B5-4D58-9570-4FC760E00FCD}" = Roxio Central Copy
"{B6A98E5F-D6A7-46FB-9E9D-1F7BF443491C}" = PMB
"{B7546697-2A80-4256-A24B-1C33163F535B}" = VAIO Gate Default
"{B9B35331-B7E4-4E5C-BF4C-7BC87856124D}" = Adobe Default Language CS3
"{BB3447F6-9553-4AA9-960E-0DB5310C5779}" = GPBaseService2
"{BCA907B6-5A0F-473E-8C63-0FF0CFAEB7B7}" = VAIO Personalization Manager
"{BD7204BA-DD64-499E-9B55-6A282CDF4FA4}" = Destinations
"{BE5F3842-8309-4754-92D5-83E02E6077A3}" = Adobe Extension Manager CS3
"{BFF37C6E-D735-4487-390C-271E030AA62C}" = CCC Help Italian
"{C2AB7DC4-489E-4BE9-887A-52262FBADBE0}" = Windows Live Photo Common
"{C2D69781-F392-4118-A5A7-C7E9C38DBFC2}" = Adobe ExtendScript Toolkit 2
"{C2E171F6-9B58-4CE1-7B8B-B69FA04EBAB8}" = Catalyst Control Center Graphics Previews Vista
"{C459D829-0FF0-C210-B2BF-83DB63FC1D61}" = CCC Help Korean
"{C5529BC1-C2BF-44E8-B62A-01913D70081C}" = Catalyst Control Center - Branding
"{C7477742-DDB4-43E5-AC8D-0259E1E661B1}" = VAIO Event Service
"{C75CDBA2-3C86-481e-BD10-BDDA758F9DFF}" = hpPrintProjects
"{C83B7CBB-C736-BF46-9832-7A9D07E9D94C}" = CCC Help Polish
"{CAE4213F-F797-439D-BD9E-79B71D115BE3}" = HPPhotoGadget
"{CD31E63D-47FD-491C-8117-CF201D0AFAB5}" = TrayApp
"{CDC8DBA8-37FF-4C82-84FF-DEBEDF93BEC4}" = PS_AIO_06_B209a-m_SW_Min
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{D03D02D8-AB64-4785-A48E-5AA8B0FB8C14}" = Sony Home Network Library
"{D0B44725-3666-492D-BEF6-587A14BD9BD9}" = MSVCRT_amd64
"{D0DFF92A-492E-4C40-B862-A74A173C25C5}" = Adobe Version Cue CS3 Client
"{D1BB4446-AE9C-4256-9A7F-4D46604D2462}" = Adobe Setup
"{D2559B88-CC9D-4B48-81BB-F492BAA9C48C}" = Adobe PDF Library Files
"{D2D23D08-D10E-43D6-883C-78E0B2AC9CC6}" = VU5x86
"{D360FA88-17C8-4F14-B67F-13AAF9607B12}" = MarketResearch
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{D49989B0-7BC2-F7F1-8017-3257F617347A}" = Catalyst Control Center Graphics Previews Common
"{D60F97EC-EF06-4E1E-B0D1-C2CBABA62FA3}" = VAIO Wallpaper Contents
"{D6C630BF-8DBB-4042-8562-DC9A52CB6E7E}" = Intel(R) Turbo Boost Technology Driver
"{D6DEC295-88A0-5CFA-0B29-C8FDF091FFD3}" = CCC Help Dutch
"{DADD7B8A-BCB0-44F5-967A-ECB6B4F2ECD9}" = Adobe Color Common Settings
"{DD7DB3C5-6FA3-4FA3-8A71-C2F2940EB029}" = Adobe Color JA Extra Settings
"{DD88F979-FA58-41AC-980C-A6E1A82B61D9}" = Media Gallery
"{DE8AAC73-6D8D-483E-96EA-CAEDDADB9079}" = ArcSoft WebCam Companion 3
"{DF693121-40C0-3020-D655-612E51616423}" = CCC Help Danish
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E24B9887-D3A0-434B-8D60-F1F06CACC127}" = DATA BECKER CD-Druckerei 6
"{E3723A04-A894-4036-A78E-282E18F43C0A}_is1" = Tinypic 3.14
"{E3DC1111-5D32-40F9-BB81-64E31294C1A4}" = VAIO Personalization Manager
"{E4E88B54-4777-4659-967A-2EED1E6AFD83}" = Windows Live Movie Maker
"{E50AE784-FABE-46DA-A1F8-7B6B56DCB22E}" = Microsoft Office Suite Activation Assistant
"{E517094C-06B6-419F-8FFD-EF4F57972130}" = QuickTransfer
"{E59113EB-0285-4BFD-A37A-B79EAC6B8F4B}" = Microsoft SQL Server Compact 3.5 SP1 English
"{E5B21F11-6933-4E0B-A25C-7963E3C07D11}" = Windows Live Messenger
"{E617721F-B66C-4D5A-AA2A-B2D60820CDC3}" = B209a-m
"{E69AE897-9E0B-485C-8552-7841F48D42D8}" = Adobe Update Manager CS3
"{EBDDC3CC-343A-C0DD-79BA-8A12D0A2CA10}" = CCC Help Turkish
"{ECF0D151-BCA0-8E6D-62DB-5D44DB4A3836}" = CCC Help Thai
"{ED439A64-F018-4DD4-8BA5-328D85AB09AB}" = Roxio Central Core
"{EE7257A2-39A2-4D2F-9DAC-F9F25B8AE1D8}" = Skype™ 5.10
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F1432614-6183-49E6-98E8-674485463CFE}" = VAIO Original Function Settings
"{F1B95046-E9DA-CFEC-42A8-C8224646AA32}" = ccc-core-static
"{F30FE437-0E45-D409-F629-5D86960A6591}" = CCC Help Norwegian
"{F400E7EB-BF07-4D9C-8AAE-81DF98CAF3F2}" = VAIO Content Metadata XML Interface Library
"{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}" = Microsoft Office Live Add-in 1.5
"{F5CC9A13-6C57-4948-75A8-3A2C92A3183B}" = Catalyst Control Center Localization All
"{F67C14C0-D73E-C55B-E132-B1904A1A709C}" = CCC Help Greek
"{F761359C-9CED-45AE-9A51-9D6605CD55C4}" = Evernote
"{F7E8DD1D-9BFD-38BB-86A5-BEF313B00C51}" = Catalyst Control Center InstallProxy
"{F82C6574-AD88-4B40-A432-970BC77F1BD2}" = DesignPro 5
"{F8A9085D-4C7A-41a9-8A77-C8998A96C421}" = Intel(R) Control Center
"{F95E4EE0-0C6E-4273-B6B9-91FD6F071D76}" = Windows Live Essentials
"{FA0FF682-CC70-4C57-93CD-E276F3E7537E}" = BufferChm
"{FB77DB0C-6951-47B6-9D80-A0FDBEE0334C}" = 
"{FBED4E82-750B-4D00-9719-90358BF3942B}" = VAIO Content Metadata XML Interface Library
"{FE51662F-D8F6-43B5-99D9-D4894AF00F83}" = Roxio Easy Media Creator Home
"7-Zip" = 7-Zip 9.14 beta
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Adobe_25db75244653b42cb93dc27939d1c0e" = Adobe Dreamweaver CS3
"Adobe_2ac78060bc5856b0c1cf873bb919b58" = Adobe Photoshop CS3
"Avira AntiVir Desktop" = Avira Free Antivirus
"ElsterFormular für Unternehmer 12.2.1.6570u" = ElsterFormular-Upgrade
"Free WMA to MP3 Converter_is1" = Free WMA to MP3 Converter 1.16
"FreePDF_XP" = FreePDF (Remove only)
"GPL Ghostscript 8.71" = GPL Ghostscript 8.71
"InstallShield_{1873FFC1-FDCB-47E1-B7C7-F418211E3530}" = PMB VAIO Edition plug-in (VAIO Image Optimizer)
"InstallShield_{6FA8BA2C-052B-4072-B8E2-2302C268BE9E}" = VAIO Movie Story Template Data
"InstallShield_{88C252C8-A7EE-4B60-BF74-8E5919A8048F}" = PMB VAIO Edition Guide
"InstallShield_{B25563A0-41F4-4A81-A6C1-6DBC0911B1F3}" = PMB VAIO Edition plug-in (VAIO Movie Story)
"InstallShield_{F82C6574-AD88-4B40-A432-970BC77F1BD2}" = DesignPro 5
"IP Camera" = IP Camera
"IrfanView" = IrfanView (remove only)
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.70.0.1100
"MarketingTools" = VAIO Marketing Tools
"Mozilla Firefox 17.0.1 (x86 de)" = Mozilla Firefox 17.0.1 (x86 de)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"ProtectDisc Driver 11" = ProtectDisc Driver, Version 11
"splashtop" = VAIO Quick Web Access
"Surf & E-Mail-Stick" = Surf & E-Mail-Stick
"svBuilder" = svBuilder
"Universal Document Converter_is1" = Universal Document Converter (Demo)
"VAIO Help and Support" = 
"VAIO Premium Partners" = VAIO Premium Partners
"VAIO screensaver" = VAIO screensaver
"VLC media player" = VLC media player 1.0.5
"WinLiveSuite" = Windows Live Essentials
"WinRAR archiver" = WinRAR
 
========== HKEY_CURRENT_USER Uninstall List ==========
 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{79A765E1-C399-405B-85AF-466F52E918B0}" = Avira SearchFree Toolbar plus Web Protection Updater
"Facebook Plug-In" = Facebook Plug-In
 
========== Last 20 Event Log Errors ==========
 
[ Application Events ]
Error - 09.01.2013 18:16:37 | Computer Name = *** | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 11810
 
Error - 09.01.2013 18:16:37 | Computer Name = *** | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 11810
 
Error - 09.01.2013 18:16:38 | Computer Name = *** | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second
 
Error - 09.01.2013 18:16:38 | Computer Name = *** | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 12808
 
Error - 09.01.2013 18:16:38 | Computer Name = *** | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 12808
 
Error - 09.01.2013 18:16:39 | Computer Name = *** | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second
 
Error - 09.01.2013 18:16:39 | Computer Name = *** | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 13822
 
Error - 09.01.2013 18:16:39 | Computer Name = *** | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 13822
 
Error - 09.01.2013 18:26:17 | Computer Name = *** | Source = SideBySide | ID = 16842832
Description = Fehler beim Generieren des Aktivierungskontexts für "H:\esetsmartinstaller_enu.exe".
 Fehler in  Manifest- oder Richtliniendatei "" in Zeile .  Eine für die Anwendung erforderliche
 Komponentenversion steht in Konflikt mit  einer anderen, bereits aktiven Komponentenversion.
In
 Konflikt stehende Komponenten:.  Komponente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Komponente
 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.
 
Error - 10.01.2013 12:17:09 | Computer Name = *** | Source = VzCdbSvc | ID = 7
Description = Das Plug-In-Modul konnte nicht geladen werden. (GUID = {48512A59-C8A5-4805-9048-23C9E4194BFA})
 (Fehlercode = 0x80042000)
 
Error - 10.01.2013 12:17:09 | Computer Name = *** | Source = VzCdbSvc | ID = 7
Description = Das Plug-In-Modul konnte nicht geladen werden. (GUID = {56F9312C-C989-4E04-8C23-299DEE3A36F5})
 (Fehlercode = 0x80042019)
 
[ System Events ]
Error - 10.01.2013 13:44:47 | Computer Name = *** | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Netzwerklistendienst" ist vom Dienst "NLA (Network Location
 Awareness)" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde:   %%1068
 
Error - 10.01.2013 13:44:50 | Computer Name = *** | Source = DCOM | ID = 10005
Description = 
 
Error - 10.01.2013 13:44:50 | Computer Name = *** | Source = DCOM | ID = 10005
Description = 
 
Error - 10.01.2013 13:44:51 | Computer Name = *** | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Netzwerklistendienst" ist vom Dienst "NLA (Network Location
 Awareness)" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde:   %%1068
 
Error - 10.01.2013 13:44:51 | Computer Name = *** | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Netzwerklistendienst" ist vom Dienst "NLA (Network Location
 Awareness)" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde:   %%1068
 
Error - 10.01.2013 13:44:51 | Computer Name = *** | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Netzwerklistendienst" ist vom Dienst "NLA (Network Location
 Awareness)" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde:   %%1068
 
Error - 10.01.2013 13:44:51 | Computer Name = *** | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Netzwerklistendienst" ist vom Dienst "NLA (Network Location
 Awareness)" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde:   %%1068
 
Error - 10.01.2013 13:44:51 | Computer Name = *** | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Netzwerklistendienst" ist vom Dienst "NLA (Network Location
 Awareness)" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde:   %%1068
 
Error - 10.01.2013 13:44:51 | Computer Name = *** | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Netzwerklistendienst" ist vom Dienst "NLA (Network Location
 Awareness)" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde:   %%1068
 
Error - 10.01.2013 13:46:23 | Computer Name = *** | Source = Service Control Manager | ID = 7001
Description = Der Dienst "PnP-X-IP-Busenumerator" ist vom Dienst "Funktionssuchanbieter-Host"
 abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde:   %%1068
 
 
< End of report >
         
OTL.txt

Code:
ATTFilter
netsvcs
msconfig
%SYSTEMDRIVE%\*.
%PROGRAMFILES%\*.exe
%LOCALAPPDATA%\*.exe
%systemroot%\*. /mp /s
C:\Windows\system32\*.tsp
/md5start
userinit.exe
eventlog.dll
scecli.dll
netlogon.dll
cngaudit.dll
ws2ifsl.sys
sceclt.dll
ntelogon.dll
winlogon.exe
logevent.dll
user32.DLL
explorer.exe
iaStor.sys
nvstor.sys
atapi.sys
IdeChnDr.sys
viasraid.sys
AGP440.sys
vaxscsi.sys
nvatabus.sys
viamraid.sys
nvata.sys
nvgts.sys
iastorv.sys
ViPrt.sys
eNetHook.dll
ahcix86.sys
KR10N.sys
nvstor32.sys
ahcix86s.sys
/md5stop
%systemroot%\system32\drivers\*.sys /lockedfiles
%systemroot%\System32\config\*.sav
%systemroot%\system32\*.dll /lockedfiles
%USERPROFILE%\*.*
%USERPROFILE%\Local Settings\Temp\*.exe
%USERPROFILE%\Local Settings\Temp\*.dll
%USERPROFILE%\Application Data\*.exe
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems|Windows /rs
CREATERESTOREPOINT
         

 

Themen zu GVU Trojaner (Paysafe)
7-zip, avira searchfree toolbar, becker, ebenfalls, eraser, files, folge, gvu trojaner, hallo zusammen, hoffe, install.exe, otl scan, paysafe, plug-in, richtlinie, scan, tr/winlock.jc, tr/winlock.jc!, troja, trojaner, zusammen




Ähnliche Themen: GVU Trojaner (Paysafe)


  1. Paysafe-Trojaner eingefangen - was kann ich tun?
    Plagegeister aller Art und deren Bekämpfung - 20.12.2013 (16)
  2. Paysafe-Trojaner eingefangen
    Mülltonne - 13.12.2013 (0)
  3. Bundes Trojaner - 100 € PaySafe - PC gesperrt!
    Log-Analyse und Auswertung - 12.07.2013 (11)
  4. GVU, BSI Paysafe Trojaner 48h Countdown
    Plagegeister aller Art und deren Bekämpfung - 12.01.2013 (11)
  5. AKM 50€ PaySafe Trojaner
    Log-Analyse und Auswertung - 13.11.2012 (10)
  6. AKM/BMI €50 Paysafe-trojaner Problem
    Plagegeister aller Art und deren Bekämpfung - 24.10.2012 (2)
  7. DVU Trojaner, Ukash und Paysafe
    Plagegeister aller Art und deren Bekämpfung - 04.09.2012 (18)
  8. Trojaner BMI AKM Paysafe
    Plagegeister aller Art und deren Bekämpfung - 19.08.2012 (26)
  9. AKM/BM.I Paysafe Trojaner (Einzahlung 100€)
    Plagegeister aller Art und deren Bekämpfung - 10.07.2012 (1)
  10. Hilfe! Paysafe-Trojaner
    Plagegeister aller Art und deren Bekämpfung - 06.06.2012 (4)
  11. Ukash/Paysafe-Trojaner
    Plagegeister aller Art und deren Bekämpfung - 23.05.2012 (9)
  12. 50 Euro Paysafe Trojaner
    Log-Analyse und Auswertung - 23.03.2012 (3)
  13. AKM/BMI €50 Paysafe-trojaner (PC-Zugriff gesperrt)
    Plagegeister aller Art und deren Bekämpfung - 22.03.2012 (11)
  14. Polizei Trojaner 100Euro Paysafe
    Log-Analyse und Auswertung - 22.03.2012 (1)
  15. Trojaner 50 € Paysafe // Windows gesperrt
    Log-Analyse und Auswertung - 21.03.2012 (3)
  16. gema - paysafe trojaner...
    Plagegeister aller Art und deren Bekämpfung - 02.03.2012 (15)
  17. Gema Paysafe Trojaner 50 Euro
    Log-Analyse und Auswertung - 21.02.2012 (11)

Zum Thema GVU Trojaner (Paysafe) - Hallo zusammen, mein Sohn hat ebenfalls einen GVU Trojaner eingefangen. Bin als Laie leider hilflos. Ich führe vorsorglich einen OTL Scan durch, das sollte Euch hoffentlich helfen. Log Files folgen. - GVU Trojaner (Paysafe)...
Archiv
Du betrachtest: GVU Trojaner (Paysafe) auf Trojaner-Board

Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.